github.com/kubernetes/kubernetes is vulnerable to path traversal attacks. The attacks are possible because it does not validate the names of all object types ObjectMeta
in BeforeCreate()
before passing them to etcd
to generate etcd key
.
access.redhat.com/errata/RHSA-2015:1945
access.redhat.com/errata/RHSA-2015:1945
access.redhat.com/security/cve/CVE-2015-5305
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1273969
bugzilla.redhat.com/show_bug.cgi?id=1273969
rhn.redhat.com/errata/RHSA-2015-1945.html